Recent Updates Page 2

One of the new pre-realease features in ConfigMgr 1706 is the Run Script function which makes it possible to run Powershell scripts directly from the ConfigMgr console towards clients. This is a huge benefit to be able to do so because this means as long as the client is active in ConfigMgr console it will execute the script you triggered almost in real time and without going through the process of making sure that WinRM is active on the client and configuring firewall and all the other things that can be an issue when you deal with clients on different subnets, physical locations, behind different firewalls etc. As long as you have your ConfigMgr infrastructure in place and the clients are active you are all good to go.

What you could do and as I will showcase in this post is to invoke Configuration baseline evaluation on demand with the Run script function. I have an old blog post on how to to it with Powershell remotely ( https://timmyit.com/2016/07/26/sccm-and-powershell-trigger-baseline-evaluation-on-client/ ) but that means you have to have everything in place to remote access clients with Powershell which isn’t always the case in a lot of environments for many reasons.

Baseline Evaluation with Run script feature

Here’s the Powershell script we want to use to evaluate all of the baselines deployed to the machines in a device collection. If you just want to evaluate a specific one you need to modify the script.

Note,

When testing this script as a Run script I wasn’t able to run the original Powershell script as a function, it returned Exit code 0 but didn’t execute the evaluation method on the client for some reason through ConfigMgr but it did work when I ran it manually on the client. I’m currently troubleshooting that and will probably file a bug report when I have more info and do a separate blog post on that later. But in the meantime we will just have to skip function part. And just to emphasis this is still a prerelease feature.

I recently stumble upon a bug in ConfigMgr that can cause issues with application deployments so that applications won’t install. When you are creating and application and gets to the step where you are supposed to create a Deployment type and you give the deployment type a name containing some certain special characters this will cause you not to be able to install the application when deployed to a collection.

Following special characters have been tested and won’t cause any issues:

/ & ! # @ –

These special characters will cause issues:

\ ”

Example

Here you have an example where the Name field contains a backslash “Install\Uninstall”.

When trying to Install the application that contains the backslash character it can look like this where it just keeps saying “installing..” and won’t continue until you go to another pane and back and you will see the “Install” button again

Here’s a another example with different app but with the same scenario for the deployment type name and it can show up is with an error message like this:

And in some instances the application won’t show up at all (app that should appear is WinRar 5.4.0)

Here’s a short video showing off the issue

Workaround

So whats the workaround if this happens? Well it’s pretty simple actually.

Just rename the deployment type and remove the special character that caused the issue and let the client run an application deployment evaluation cycle and the installation will continue just fine.

Se which special characters that i found so far that will work and won’t work in the beginning of this post.

TLDR;

The following versions of the Elitebook also are affected and can use the same BIOS.

Elitebook 840 G4

Elitebook 850 G4

The issue

Earlier today I stumble upon an issue with the HP model Elitebook 820 G4 and bitlocker where during the startup it asked for BitLocker recovery key for no apparent reason.

In this specific scenario the Elitebook 820 G4 was replacing the old model Elitebook 820 G3 and just one week prior the Elitebook 820 G4 was implemented and installed without any issues. (What I didn’t know at the moment was that back then it was running BIOS version 01.03 and now it was running 01.05)

You could either input the bitlocker key and continue or just press ESC 3 times until you got in to BIOS and just press continue and the machine would continue without having to input any recovery key.

During the troubleshooting I made sure that the following things were as they should

Disk formated as GPT and not MBR – Checked

TPM 2.0 was enabled – checked

Legacy support disabled and Secure boot enabled – checked

and so on, there was nothing wrong with the configuration.

Still there was issues that not all the time but the majority of restarts the computer kept on asking for the bitlocker recovery key.

The solution

What I’ve found out was that the Firmware version 01.05 caused the issue. If you are running 01.03 you shouldn’t have this issue and on HP support site they just released a new version 01.06 so I updated and the problem was solved, no more bitlocker recovery key question during startup.

Checking the release notes for 01.06 from HP it also states it fixed issues with bitlocker:

This blog post is the first in a series of 2 where i will showcase how to export iprange and subnet boundaries and then how to import them with the help of a powershell script. I’m a big proponent for automating task to increase productivity and I believe in the mindset of always trying to improve what ever you are doing, regardless if that’s improving your workflow or learning something new to improve yourself. Invest time now to save time later but lets get back to the topic of this post and that’s about exporting boundaries from SCCM.

What do we want to achieve?

For example If you are in the process of setting up a new ConfigMgr environment and there’s an existing ConfigMgr environment that’s getting decommissioned but you aren’t performing a site migration and there’s still information like boundaries that
will be reused then here’s a script that will help you export IPRange and Subnet boundaries to .csv so you later can import them in the new environment because there’s no built in function in ConfigMgr to do that at the moment.

In the picture below we have our boundaries we want to export in to a file (in this case a .csv) and then later be able to import them back in to ConfigMgr.

Last year i wrote a blogpost about how to get all the powershell scripts used as detection methods and since then i have refined that script a bit and also added logic for it to now output any detection method using scripts regardless if its Powershell, VBScript or Javascript.

I want to share a script that came about after i wanted to get hold of all the WMI-queries that’s been created and used for populating different device collections without need to go in to every single one of them and extract the query manually. Especially if you are dealing with larger environments who might have hundreds of device collections and first of all figuring out which one actually uses WMI-queries and who doesn’t.

What do we want to achieve

Extracts all the WMI-queries used in SCCM and outputs them in to a .txt files for each Device Collection.